`CHECK` fail in `Unbatch` in TensorFlow
Description
TensorFlow is an open source platform for machine learning. When Unbatch receives a nonscalar input id, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
14419d10d576aFix check failure in Unbatch Op kernel by checking whether input argument is a scalar before trying to extract value.
2 files changed · +27 −0
tensorflow/core/kernels/batch_kernels.cc+7 −0 modified@@ -23,6 +23,7 @@ limitations under the License. #include "tensorflow/core/framework/op_requires.h" #include "tensorflow/core/framework/resource_mgr.h" #include "tensorflow/core/framework/tensor.h" +#include "tensorflow/core/framework/tensor_shape.h" #include "tensorflow/core/framework/tensor_util.h" #include "tensorflow/core/framework/types.h" #include "tensorflow/core/kernels/batching_util/adaptive_shared_batch_scheduler.h" @@ -654,6 +655,12 @@ class UnbatchResource : public ResourceBase { batch_index_t.shape().dim_size(1), "."); } + if (!TensorShapeUtils::IsScalar(context->input(2).shape())) { + return errors::InvalidArgument( + "Input id should be scalar; " + "Got: ", + context->input(2).DebugString(), "."); + } const int64_t batch_key = context->input(2).scalar<int64_t>()(); const bool nonempty_input = batch_index_t.dim_size(0) > 0;
tensorflow/python/ops/batch_ops_test.py+20 −0 modified@@ -236,6 +236,26 @@ def worker(): self.assertEqual(thread_results[0], [2]) self.assertEqual(main_results[0], [3]) + def testUnbatchInvalidIdArg(self): + """Tests that unbatch work together.""" + if context.executing_eagerly(): + batched_tensor = constant_op.constant( + value=np.random.random(size=(3, 3, 1)), dtype=dtypes.float64) + batched_index = constant_op.constant( + value=np.random.randint(0, 100, size=(3, 3, 1)), dtype=dtypes.int64) + arg_id = constant_op.constant( + value=np.random.randint(0, 100, size=(3, 3, 1)), dtype=dtypes.int64) + + with self.assertRaisesRegex(errors.InvalidArgumentError, + "Input id should be scalar;"): + batch_ops.unbatch( + batched_tensor=batched_tensor, + batch_index=batched_index, + id=arg_id, + timeout_micros=50, + container="", + shared_name="") + def testBatchDecoratedWithCapturedInput(self): """Tests that the batch_function decorator works.""" if context.executing_eagerly():
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-mh3m-62v7-68xgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36002ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189fghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xgghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.